1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (c) 2008, 2009 open80211s Ltd. 4 * Copyright (C) 2019, 2021-2023 Intel Corporation 5 * Author: Luis Carlos Cobo <luisca@cozybit.com> 6 */ 7 #include <linux/gfp.h> 8 #include <linux/kernel.h> 9 #include <linux/random.h> 10 #include <linux/rculist.h> 11 12 #include "ieee80211_i.h" 13 #include "rate.h" 14 #include "mesh.h" 15 16 #define PLINK_CNF_AID(mgmt) ((mgmt)->u.action.u.self_prot.variable + 2) 17 #define PLINK_GET_LLID(p) (p + 2) 18 #define PLINK_GET_PLID(p) (p + 4) 19 20 #define mod_plink_timer(s, t) (mod_timer(&s->mesh->plink_timer, \ 21 jiffies + msecs_to_jiffies(t))) 22 23 enum plink_event { 24 PLINK_UNDEFINED, 25 OPN_ACPT, 26 OPN_RJCT, 27 OPN_IGNR, 28 CNF_ACPT, 29 CNF_RJCT, 30 CNF_IGNR, 31 CLS_ACPT, 32 CLS_IGNR 33 }; 34 35 static const char * const mplstates[] = { 36 [NL80211_PLINK_LISTEN] = "LISTEN", 37 [NL80211_PLINK_OPN_SNT] = "OPN-SNT", 38 [NL80211_PLINK_OPN_RCVD] = "OPN-RCVD", 39 [NL80211_PLINK_CNF_RCVD] = "CNF_RCVD", 40 [NL80211_PLINK_ESTAB] = "ESTAB", 41 [NL80211_PLINK_HOLDING] = "HOLDING", 42 [NL80211_PLINK_BLOCKED] = "BLOCKED" 43 }; 44 45 static const char * const mplevents[] = { 46 [PLINK_UNDEFINED] = "NONE", 47 [OPN_ACPT] = "OPN_ACPT", 48 [OPN_RJCT] = "OPN_RJCT", 49 [OPN_IGNR] = "OPN_IGNR", 50 [CNF_ACPT] = "CNF_ACPT", 51 [CNF_RJCT] = "CNF_RJCT", 52 [CNF_IGNR] = "CNF_IGNR", 53 [CLS_ACPT] = "CLS_ACPT", 54 [CLS_IGNR] = "CLS_IGNR" 55 }; 56 57 /* We only need a valid sta if user configured a minimum rssi_threshold. */ 58 static bool rssi_threshold_check(struct ieee80211_sub_if_data *sdata, 59 struct sta_info *sta) 60 { 61 s32 rssi_threshold = sdata->u.mesh.mshcfg.rssi_threshold; 62 return rssi_threshold == 0 || 63 (sta && 64 (s8)-ewma_signal_read(&sta->deflink.rx_stats_avg.signal) > 65 rssi_threshold); 66 } 67 68 /** 69 * mesh_plink_fsm_restart - restart a mesh peer link finite state machine 70 * 71 * @sta: mesh peer link to restart 72 * 73 * Locking: this function must be called holding sta->mesh->plink_lock 74 */ 75 static inline void mesh_plink_fsm_restart(struct sta_info *sta) 76 { 77 lockdep_assert_held(&sta->mesh->plink_lock); 78 sta->mesh->plink_state = NL80211_PLINK_LISTEN; 79 sta->mesh->llid = sta->mesh->plid = sta->mesh->reason = 0; 80 sta->mesh->plink_retries = 0; 81 } 82 83 /* 84 * mesh_set_short_slot_time - enable / disable ERP short slot time. 85 * 86 * The standard indirectly mandates mesh STAs to turn off short slot time by 87 * disallowing advertising this (802.11-2012 8.4.1.4), but that doesn't mean we 88 * can't be sneaky about it. Enable short slot time if all mesh STAs in the 89 * MBSS support ERP rates. 90 * 91 * Returns BSS_CHANGED_ERP_SLOT or 0 for no change. 92 */ 93 static u64 mesh_set_short_slot_time(struct ieee80211_sub_if_data *sdata) 94 { 95 struct ieee80211_local *local = sdata->local; 96 struct ieee80211_supported_band *sband; 97 struct sta_info *sta; 98 u32 erp_rates = 0; 99 u64 changed = 0; 100 int i; 101 bool short_slot = false; 102 103 sband = ieee80211_get_sband(sdata); 104 if (!sband) 105 return changed; 106 107 if (sband->band == NL80211_BAND_5GHZ) { 108 /* (IEEE 802.11-2012 19.4.5) */ 109 short_slot = true; 110 goto out; 111 } else if (sband->band != NL80211_BAND_2GHZ) { 112 goto out; 113 } 114 115 for (i = 0; i < sband->n_bitrates; i++) 116 if (sband->bitrates[i].flags & IEEE80211_RATE_ERP_G) 117 erp_rates |= BIT(i); 118 119 if (!erp_rates) 120 goto out; 121 122 rcu_read_lock(); 123 list_for_each_entry_rcu(sta, &local->sta_list, list) { 124 if (sdata != sta->sdata || 125 sta->mesh->plink_state != NL80211_PLINK_ESTAB) 126 continue; 127 128 short_slot = false; 129 if (erp_rates & sta->sta.deflink.supp_rates[sband->band]) 130 short_slot = true; 131 else 132 break; 133 } 134 rcu_read_unlock(); 135 136 out: 137 if (sdata->vif.bss_conf.use_short_slot != short_slot) { 138 sdata->vif.bss_conf.use_short_slot = short_slot; 139 changed = BSS_CHANGED_ERP_SLOT; 140 mpl_dbg(sdata, "mesh_plink %pM: ERP short slot time %d\n", 141 sdata->vif.addr, short_slot); 142 } 143 return changed; 144 } 145 146 /** 147 * mesh_set_ht_prot_mode - set correct HT protection mode 148 * @sdata: the (mesh) interface to handle 149 * 150 * Section 9.23.3.5 of IEEE 80211-2012 describes the protection rules for HT 151 * mesh STA in a MBSS. Three HT protection modes are supported for now, non-HT 152 * mixed mode, 20MHz-protection and no-protection mode. non-HT mixed mode is 153 * selected if any non-HT peers are present in our MBSS. 20MHz-protection mode 154 * is selected if all peers in our 20/40MHz MBSS support HT and at least one 155 * HT20 peer is present. Otherwise no-protection mode is selected. 156 */ 157 static u64 mesh_set_ht_prot_mode(struct ieee80211_sub_if_data *sdata) 158 { 159 struct ieee80211_local *local = sdata->local; 160 struct sta_info *sta; 161 u16 ht_opmode; 162 bool non_ht_sta = false, ht20_sta = false; 163 164 switch (sdata->vif.bss_conf.chandef.width) { 165 case NL80211_CHAN_WIDTH_20_NOHT: 166 case NL80211_CHAN_WIDTH_5: 167 case NL80211_CHAN_WIDTH_10: 168 return 0; 169 default: 170 break; 171 } 172 173 rcu_read_lock(); 174 list_for_each_entry_rcu(sta, &local->sta_list, list) { 175 if (sdata != sta->sdata || 176 sta->mesh->plink_state != NL80211_PLINK_ESTAB) 177 continue; 178 179 if (sta->sta.deflink.bandwidth > IEEE80211_STA_RX_BW_20) 180 continue; 181 182 if (!sta->sta.deflink.ht_cap.ht_supported) { 183 mpl_dbg(sdata, "nonHT sta (%pM) is present\n", 184 sta->sta.addr); 185 non_ht_sta = true; 186 break; 187 } 188 189 mpl_dbg(sdata, "HT20 sta (%pM) is present\n", sta->sta.addr); 190 ht20_sta = true; 191 } 192 rcu_read_unlock(); 193 194 if (non_ht_sta) 195 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONHT_MIXED; 196 else if (ht20_sta && 197 sdata->vif.bss_conf.chandef.width > NL80211_CHAN_WIDTH_20) 198 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_20MHZ; 199 else 200 ht_opmode = IEEE80211_HT_OP_MODE_PROTECTION_NONE; 201 202 if (sdata->vif.bss_conf.ht_operation_mode == ht_opmode) 203 return 0; 204 205 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 206 sdata->u.mesh.mshcfg.ht_opmode = ht_opmode; 207 mpl_dbg(sdata, "selected new HT protection mode %d\n", ht_opmode); 208 return BSS_CHANGED_HT; 209 } 210 211 static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata, 212 struct sta_info *sta, 213 enum ieee80211_self_protected_actioncode action, 214 u8 *da, u16 llid, u16 plid, u16 reason) 215 { 216 struct ieee80211_local *local = sdata->local; 217 struct sk_buff *skb; 218 struct ieee80211_tx_info *info; 219 struct ieee80211_mgmt *mgmt; 220 bool include_plid = false; 221 u16 peering_proto = 0; 222 u8 *pos, ie_len = 4; 223 u8 ie_len_he_cap, ie_len_eht_cap; 224 int hdr_len = offsetofend(struct ieee80211_mgmt, u.action.u.self_prot); 225 int err = -ENOMEM; 226 227 ie_len_he_cap = ieee80211_ie_len_he_cap(sdata, 228 NL80211_IFTYPE_MESH_POINT); 229 ie_len_eht_cap = ieee80211_ie_len_eht_cap(sdata, 230 NL80211_IFTYPE_MESH_POINT); 231 skb = dev_alloc_skb(local->tx_headroom + 232 hdr_len + 233 2 + /* capability info */ 234 2 + /* AID */ 235 2 + 8 + /* supported rates */ 236 2 + (IEEE80211_MAX_SUPP_RATES - 8) + 237 2 + sdata->u.mesh.mesh_id_len + 238 2 + sizeof(struct ieee80211_meshconf_ie) + 239 2 + sizeof(struct ieee80211_ht_cap) + 240 2 + sizeof(struct ieee80211_ht_operation) + 241 2 + sizeof(struct ieee80211_vht_cap) + 242 2 + sizeof(struct ieee80211_vht_operation) + 243 ie_len_he_cap + 244 2 + 1 + sizeof(struct ieee80211_he_operation) + 245 sizeof(struct ieee80211_he_6ghz_oper) + 246 2 + 1 + sizeof(struct ieee80211_he_6ghz_capa) + 247 ie_len_eht_cap + 248 2 + 1 + offsetof(struct ieee80211_eht_operation, optional) + 249 offsetof(struct ieee80211_eht_operation_info, optional) + 250 2 + 8 + /* peering IE */ 251 sdata->u.mesh.ie_len); 252 if (!skb) 253 return err; 254 info = IEEE80211_SKB_CB(skb); 255 skb_reserve(skb, local->tx_headroom); 256 mgmt = skb_put_zero(skb, hdr_len); 257 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 258 IEEE80211_STYPE_ACTION); 259 memcpy(mgmt->da, da, ETH_ALEN); 260 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 261 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 262 mgmt->u.action.category = WLAN_CATEGORY_SELF_PROTECTED; 263 mgmt->u.action.u.self_prot.action_code = action; 264 265 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 266 struct ieee80211_supported_band *sband; 267 enum nl80211_band band; 268 269 sband = ieee80211_get_sband(sdata); 270 if (!sband) { 271 err = -EINVAL; 272 goto free; 273 } 274 band = sband->band; 275 276 /* capability info */ 277 pos = skb_put_zero(skb, 2); 278 if (action == WLAN_SP_MESH_PEERING_CONFIRM) { 279 /* AID */ 280 pos = skb_put(skb, 2); 281 put_unaligned_le16(sta->sta.aid, pos); 282 } 283 if (ieee80211_add_srates_ie(sdata, skb, true, band) || 284 ieee80211_add_ext_srates_ie(sdata, skb, true, band) || 285 mesh_add_rsn_ie(sdata, skb) || 286 mesh_add_meshid_ie(sdata, skb) || 287 mesh_add_meshconf_ie(sdata, skb)) 288 goto free; 289 } else { /* WLAN_SP_MESH_PEERING_CLOSE */ 290 info->flags |= IEEE80211_TX_CTL_NO_ACK; 291 if (mesh_add_meshid_ie(sdata, skb)) 292 goto free; 293 } 294 295 /* Add Mesh Peering Management element */ 296 switch (action) { 297 case WLAN_SP_MESH_PEERING_OPEN: 298 break; 299 case WLAN_SP_MESH_PEERING_CONFIRM: 300 ie_len += 2; 301 include_plid = true; 302 break; 303 case WLAN_SP_MESH_PEERING_CLOSE: 304 if (plid) { 305 ie_len += 2; 306 include_plid = true; 307 } 308 ie_len += 2; /* reason code */ 309 break; 310 default: 311 err = -EINVAL; 312 goto free; 313 } 314 315 if (WARN_ON(skb_tailroom(skb) < 2 + ie_len)) 316 goto free; 317 318 pos = skb_put(skb, 2 + ie_len); 319 *pos++ = WLAN_EID_PEER_MGMT; 320 *pos++ = ie_len; 321 memcpy(pos, &peering_proto, 2); 322 pos += 2; 323 put_unaligned_le16(llid, pos); 324 pos += 2; 325 if (include_plid) { 326 put_unaligned_le16(plid, pos); 327 pos += 2; 328 } 329 if (action == WLAN_SP_MESH_PEERING_CLOSE) { 330 put_unaligned_le16(reason, pos); 331 pos += 2; 332 } 333 334 if (action != WLAN_SP_MESH_PEERING_CLOSE) { 335 if (mesh_add_ht_cap_ie(sdata, skb) || 336 mesh_add_ht_oper_ie(sdata, skb) || 337 mesh_add_vht_cap_ie(sdata, skb) || 338 mesh_add_vht_oper_ie(sdata, skb) || 339 mesh_add_he_cap_ie(sdata, skb, ie_len_he_cap) || 340 mesh_add_he_oper_ie(sdata, skb) || 341 mesh_add_he_6ghz_cap_ie(sdata, skb) || 342 mesh_add_eht_cap_ie(sdata, skb, ie_len_eht_cap) || 343 mesh_add_eht_oper_ie(sdata, skb)) 344 goto free; 345 } 346 347 if (mesh_add_vendor_ies(sdata, skb)) 348 goto free; 349 350 ieee80211_tx_skb(sdata, skb); 351 return 0; 352 free: 353 kfree_skb(skb); 354 return err; 355 } 356 357 /** 358 * __mesh_plink_deactivate - deactivate mesh peer link 359 * 360 * @sta: mesh peer link to deactivate 361 * 362 * Mesh paths with this peer as next hop should be flushed 363 * by the caller outside of plink_lock. 364 * 365 * Returns beacon changed flag if the beacon content changed. 366 * 367 * Locking: the caller must hold sta->mesh->plink_lock 368 */ 369 static u64 __mesh_plink_deactivate(struct sta_info *sta) 370 { 371 struct ieee80211_sub_if_data *sdata = sta->sdata; 372 u64 changed = 0; 373 374 lockdep_assert_held(&sta->mesh->plink_lock); 375 376 if (sta->mesh->plink_state == NL80211_PLINK_ESTAB) 377 changed = mesh_plink_dec_estab_count(sdata); 378 sta->mesh->plink_state = NL80211_PLINK_BLOCKED; 379 380 ieee80211_mps_sta_status_update(sta); 381 changed |= ieee80211_mps_set_sta_local_pm(sta, 382 NL80211_MESH_POWER_UNKNOWN); 383 384 return changed; 385 } 386 387 /** 388 * mesh_plink_deactivate - deactivate mesh peer link 389 * 390 * @sta: mesh peer link to deactivate 391 * 392 * All mesh paths with this peer as next hop will be flushed 393 */ 394 u64 mesh_plink_deactivate(struct sta_info *sta) 395 { 396 struct ieee80211_sub_if_data *sdata = sta->sdata; 397 u64 changed; 398 399 spin_lock_bh(&sta->mesh->plink_lock); 400 changed = __mesh_plink_deactivate(sta); 401 402 if (!sdata->u.mesh.user_mpm) { 403 sta->mesh->reason = WLAN_REASON_MESH_PEER_CANCELED; 404 mesh_plink_frame_tx(sdata, sta, WLAN_SP_MESH_PEERING_CLOSE, 405 sta->sta.addr, sta->mesh->llid, 406 sta->mesh->plid, sta->mesh->reason); 407 } 408 spin_unlock_bh(&sta->mesh->plink_lock); 409 if (!sdata->u.mesh.user_mpm) 410 del_timer_sync(&sta->mesh->plink_timer); 411 mesh_path_flush_by_nexthop(sta); 412 413 /* make sure no readers can access nexthop sta from here on */ 414 synchronize_net(); 415 416 return changed; 417 } 418 419 static void mesh_sta_info_init(struct ieee80211_sub_if_data *sdata, 420 struct sta_info *sta, 421 struct ieee802_11_elems *elems) 422 { 423 struct ieee80211_local *local = sdata->local; 424 struct ieee80211_supported_band *sband; 425 u32 rates, basic_rates = 0, changed = 0; 426 enum ieee80211_sta_rx_bandwidth bw = sta->sta.deflink.bandwidth; 427 428 sband = ieee80211_get_sband(sdata); 429 if (!sband) 430 return; 431 432 rates = ieee80211_sta_get_rates(sdata, elems, sband->band, 433 &basic_rates); 434 435 spin_lock_bh(&sta->mesh->plink_lock); 436 sta->deflink.rx_stats.last_rx = jiffies; 437 438 /* rates and capabilities don't change during peering */ 439 if (sta->mesh->plink_state == NL80211_PLINK_ESTAB && 440 sta->mesh->processed_beacon) 441 goto out; 442 sta->mesh->processed_beacon = true; 443 444 if (sta->sta.deflink.supp_rates[sband->band] != rates) 445 changed |= IEEE80211_RC_SUPP_RATES_CHANGED; 446 sta->sta.deflink.supp_rates[sband->band] = rates; 447 448 if (ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 449 elems->ht_cap_elem, 450 &sta->deflink)) 451 changed |= IEEE80211_RC_BW_CHANGED; 452 453 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 454 elems->vht_cap_elem, NULL, 455 &sta->deflink); 456 457 ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband, elems->he_cap, 458 elems->he_cap_len, 459 elems->he_6ghz_capa, 460 &sta->deflink); 461 462 ieee80211_eht_cap_ie_to_sta_eht_cap(sdata, sband, elems->he_cap, 463 elems->he_cap_len, 464 elems->eht_cap, elems->eht_cap_len, 465 &sta->deflink); 466 467 if (bw != sta->sta.deflink.bandwidth) 468 changed |= IEEE80211_RC_BW_CHANGED; 469 470 /* HT peer is operating 20MHz-only */ 471 if (elems->ht_operation && 472 !(elems->ht_operation->ht_param & 473 IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) { 474 if (sta->sta.deflink.bandwidth != IEEE80211_STA_RX_BW_20) 475 changed |= IEEE80211_RC_BW_CHANGED; 476 sta->sta.deflink.bandwidth = IEEE80211_STA_RX_BW_20; 477 } 478 479 if (!test_sta_flag(sta, WLAN_STA_RATE_CONTROL)) 480 rate_control_rate_init(sta); 481 else 482 rate_control_rate_update(local, sband, sta, 0, changed); 483 out: 484 spin_unlock_bh(&sta->mesh->plink_lock); 485 } 486 487 static int mesh_allocate_aid(struct ieee80211_sub_if_data *sdata) 488 { 489 struct sta_info *sta; 490 unsigned long *aid_map; 491 int aid; 492 493 aid_map = bitmap_zalloc(IEEE80211_MAX_AID + 1, GFP_KERNEL); 494 if (!aid_map) 495 return -ENOMEM; 496 497 /* reserve aid 0 for mcast indication */ 498 __set_bit(0, aid_map); 499 500 rcu_read_lock(); 501 list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) 502 __set_bit(sta->sta.aid, aid_map); 503 rcu_read_unlock(); 504 505 aid = find_first_zero_bit(aid_map, IEEE80211_MAX_AID + 1); 506 bitmap_free(aid_map); 507 508 if (aid > IEEE80211_MAX_AID) 509 return -ENOBUFS; 510 511 return aid; 512 } 513 514 static struct sta_info * 515 __mesh_sta_info_alloc(struct ieee80211_sub_if_data *sdata, u8 *hw_addr) 516 { 517 struct sta_info *sta; 518 int aid; 519 520 if (sdata->local->num_sta >= MESH_MAX_PLINKS) 521 return NULL; 522 523 aid = mesh_allocate_aid(sdata); 524 if (aid < 0) 525 return NULL; 526 527 sta = sta_info_alloc(sdata, hw_addr, GFP_KERNEL); 528 if (!sta) 529 return NULL; 530 531 sta->mesh->plink_state = NL80211_PLINK_LISTEN; 532 sta->sta.wme = true; 533 sta->sta.aid = aid; 534 535 sta_info_pre_move_state(sta, IEEE80211_STA_AUTH); 536 sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC); 537 sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED); 538 539 return sta; 540 } 541 542 static struct sta_info * 543 mesh_sta_info_alloc(struct ieee80211_sub_if_data *sdata, u8 *addr, 544 struct ieee802_11_elems *elems, 545 struct ieee80211_rx_status *rx_status) 546 { 547 struct sta_info *sta = NULL; 548 549 /* Userspace handles station allocation */ 550 if (sdata->u.mesh.user_mpm || 551 sdata->u.mesh.security & IEEE80211_MESH_SEC_AUTHED) { 552 if (mesh_peer_accepts_plinks(elems) && 553 mesh_plink_availables(sdata)) { 554 int sig = 0; 555 556 if (ieee80211_hw_check(&sdata->local->hw, SIGNAL_DBM)) 557 sig = rx_status->signal; 558 559 cfg80211_notify_new_peer_candidate(sdata->dev, addr, 560 elems->ie_start, 561 elems->total_len, 562 sig, GFP_KERNEL); 563 } 564 } else 565 sta = __mesh_sta_info_alloc(sdata, addr); 566 567 return sta; 568 } 569 570 /* 571 * mesh_sta_info_get - return mesh sta info entry for @addr. 572 * 573 * @sdata: local meshif 574 * @addr: peer's address 575 * @elems: IEs from beacon or mesh peering frame. 576 * @rx_status: rx status for the frame for signal reporting 577 * 578 * Return existing or newly allocated sta_info under RCU read lock. 579 * (re)initialize with given IEs. 580 */ 581 static struct sta_info * 582 mesh_sta_info_get(struct ieee80211_sub_if_data *sdata, 583 u8 *addr, struct ieee802_11_elems *elems, 584 struct ieee80211_rx_status *rx_status) __acquires(RCU) 585 { 586 struct sta_info *sta = NULL; 587 588 rcu_read_lock(); 589 sta = sta_info_get(sdata, addr); 590 if (sta) { 591 mesh_sta_info_init(sdata, sta, elems); 592 } else { 593 rcu_read_unlock(); 594 /* can't run atomic */ 595 sta = mesh_sta_info_alloc(sdata, addr, elems, rx_status); 596 if (!sta) { 597 rcu_read_lock(); 598 return NULL; 599 } 600 601 mesh_sta_info_init(sdata, sta, elems); 602 603 if (sta_info_insert_rcu(sta)) 604 return NULL; 605 } 606 607 return sta; 608 } 609 610 /* 611 * mesh_neighbour_update - update or initialize new mesh neighbor. 612 * 613 * @sdata: local meshif 614 * @addr: peer's address 615 * @elems: IEs from beacon or mesh peering frame 616 * @rx_status: rx status for the frame for signal reporting 617 * 618 * Initiates peering if appropriate. 619 */ 620 void mesh_neighbour_update(struct ieee80211_sub_if_data *sdata, 621 u8 *hw_addr, 622 struct ieee802_11_elems *elems, 623 struct ieee80211_rx_status *rx_status) 624 { 625 struct sta_info *sta; 626 u64 changed = 0; 627 628 sta = mesh_sta_info_get(sdata, hw_addr, elems, rx_status); 629 if (!sta) 630 goto out; 631 632 sta->mesh->connected_to_gate = elems->mesh_config->meshconf_form & 633 IEEE80211_MESHCONF_FORM_CONNECTED_TO_GATE; 634 635 if (mesh_peer_accepts_plinks(elems) && 636 sta->mesh->plink_state == NL80211_PLINK_LISTEN && 637 sdata->u.mesh.accepting_plinks && 638 sdata->u.mesh.mshcfg.auto_open_plinks && 639 rssi_threshold_check(sdata, sta)) 640 changed = mesh_plink_open(sta); 641 642 ieee80211_mps_frame_release(sta, elems); 643 out: 644 rcu_read_unlock(); 645 ieee80211_mbss_info_change_notify(sdata, changed); 646 } 647 648 void mesh_plink_timer(struct timer_list *t) 649 { 650 struct mesh_sta *mesh = from_timer(mesh, t, plink_timer); 651 struct sta_info *sta; 652 u16 reason = 0; 653 struct ieee80211_sub_if_data *sdata; 654 struct mesh_config *mshcfg; 655 enum ieee80211_self_protected_actioncode action = 0; 656 657 /* 658 * This STA is valid because sta_info_destroy() will 659 * del_timer_sync() this timer after having made sure 660 * it cannot be readded (by deleting the plink.) 661 */ 662 sta = mesh->plink_sta; 663 664 if (sta->sdata->local->quiescing) 665 return; 666 667 spin_lock_bh(&sta->mesh->plink_lock); 668 669 /* If a timer fires just before a state transition on another CPU, 670 * we may have already extended the timeout and changed state by the 671 * time we've acquired the lock and arrived here. In that case, 672 * skip this timer and wait for the new one. 673 */ 674 if (time_before(jiffies, sta->mesh->plink_timer.expires)) { 675 mpl_dbg(sta->sdata, 676 "Ignoring timer for %pM in state %s (timer adjusted)", 677 sta->sta.addr, mplstates[sta->mesh->plink_state]); 678 spin_unlock_bh(&sta->mesh->plink_lock); 679 return; 680 } 681 682 /* del_timer() and handler may race when entering these states */ 683 if (sta->mesh->plink_state == NL80211_PLINK_LISTEN || 684 sta->mesh->plink_state == NL80211_PLINK_ESTAB) { 685 mpl_dbg(sta->sdata, 686 "Ignoring timer for %pM in state %s (timer deleted)", 687 sta->sta.addr, mplstates[sta->mesh->plink_state]); 688 spin_unlock_bh(&sta->mesh->plink_lock); 689 return; 690 } 691 692 mpl_dbg(sta->sdata, 693 "Mesh plink timer for %pM fired on state %s\n", 694 sta->sta.addr, mplstates[sta->mesh->plink_state]); 695 sdata = sta->sdata; 696 mshcfg = &sdata->u.mesh.mshcfg; 697 698 switch (sta->mesh->plink_state) { 699 case NL80211_PLINK_OPN_RCVD: 700 case NL80211_PLINK_OPN_SNT: 701 /* retry timer */ 702 if (sta->mesh->plink_retries < mshcfg->dot11MeshMaxRetries) { 703 u32 rand; 704 mpl_dbg(sta->sdata, 705 "Mesh plink for %pM (retry, timeout): %d %d\n", 706 sta->sta.addr, sta->mesh->plink_retries, 707 sta->mesh->plink_timeout); 708 get_random_bytes(&rand, sizeof(u32)); 709 sta->mesh->plink_timeout = sta->mesh->plink_timeout + 710 rand % sta->mesh->plink_timeout; 711 ++sta->mesh->plink_retries; 712 mod_plink_timer(sta, sta->mesh->plink_timeout); 713 action = WLAN_SP_MESH_PEERING_OPEN; 714 break; 715 } 716 reason = WLAN_REASON_MESH_MAX_RETRIES; 717 fallthrough; 718 case NL80211_PLINK_CNF_RCVD: 719 /* confirm timer */ 720 if (!reason) 721 reason = WLAN_REASON_MESH_CONFIRM_TIMEOUT; 722 sta->mesh->plink_state = NL80211_PLINK_HOLDING; 723 mod_plink_timer(sta, mshcfg->dot11MeshHoldingTimeout); 724 action = WLAN_SP_MESH_PEERING_CLOSE; 725 break; 726 case NL80211_PLINK_HOLDING: 727 /* holding timer */ 728 del_timer(&sta->mesh->plink_timer); 729 mesh_plink_fsm_restart(sta); 730 break; 731 default: 732 break; 733 } 734 spin_unlock_bh(&sta->mesh->plink_lock); 735 if (action) 736 mesh_plink_frame_tx(sdata, sta, action, sta->sta.addr, 737 sta->mesh->llid, sta->mesh->plid, reason); 738 } 739 740 static inline void mesh_plink_timer_set(struct sta_info *sta, u32 timeout) 741 { 742 sta->mesh->plink_timeout = timeout; 743 mod_timer(&sta->mesh->plink_timer, jiffies + msecs_to_jiffies(timeout)); 744 } 745 746 static bool llid_in_use(struct ieee80211_sub_if_data *sdata, 747 u16 llid) 748 { 749 struct ieee80211_local *local = sdata->local; 750 bool in_use = false; 751 struct sta_info *sta; 752 753 rcu_read_lock(); 754 list_for_each_entry_rcu(sta, &local->sta_list, list) { 755 if (sdata != sta->sdata) 756 continue; 757 758 if (!memcmp(&sta->mesh->llid, &llid, sizeof(llid))) { 759 in_use = true; 760 break; 761 } 762 } 763 rcu_read_unlock(); 764 765 return in_use; 766 } 767 768 static u16 mesh_get_new_llid(struct ieee80211_sub_if_data *sdata) 769 { 770 u16 llid; 771 772 do { 773 get_random_bytes(&llid, sizeof(llid)); 774 } while (llid_in_use(sdata, llid)); 775 776 return llid; 777 } 778 779 u64 mesh_plink_open(struct sta_info *sta) 780 { 781 struct ieee80211_sub_if_data *sdata = sta->sdata; 782 u64 changed; 783 784 if (!test_sta_flag(sta, WLAN_STA_AUTH)) 785 return 0; 786 787 spin_lock_bh(&sta->mesh->plink_lock); 788 sta->mesh->llid = mesh_get_new_llid(sdata); 789 if (sta->mesh->plink_state != NL80211_PLINK_LISTEN && 790 sta->mesh->plink_state != NL80211_PLINK_BLOCKED) { 791 spin_unlock_bh(&sta->mesh->plink_lock); 792 return 0; 793 } 794 sta->mesh->plink_state = NL80211_PLINK_OPN_SNT; 795 mesh_plink_timer_set(sta, sdata->u.mesh.mshcfg.dot11MeshRetryTimeout); 796 spin_unlock_bh(&sta->mesh->plink_lock); 797 mpl_dbg(sdata, 798 "Mesh plink: starting establishment with %pM\n", 799 sta->sta.addr); 800 801 /* set the non-peer mode to active during peering */ 802 changed = ieee80211_mps_local_status_update(sdata); 803 804 mesh_plink_frame_tx(sdata, sta, WLAN_SP_MESH_PEERING_OPEN, 805 sta->sta.addr, sta->mesh->llid, 0, 0); 806 return changed; 807 } 808 809 u64 mesh_plink_block(struct sta_info *sta) 810 { 811 u64 changed; 812 813 spin_lock_bh(&sta->mesh->plink_lock); 814 changed = __mesh_plink_deactivate(sta); 815 sta->mesh->plink_state = NL80211_PLINK_BLOCKED; 816 spin_unlock_bh(&sta->mesh->plink_lock); 817 mesh_path_flush_by_nexthop(sta); 818 819 return changed; 820 } 821 822 static void mesh_plink_close(struct ieee80211_sub_if_data *sdata, 823 struct sta_info *sta, 824 enum plink_event event) 825 { 826 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 827 u16 reason = (event == CLS_ACPT) ? 828 WLAN_REASON_MESH_CLOSE : WLAN_REASON_MESH_CONFIG; 829 830 sta->mesh->reason = reason; 831 sta->mesh->plink_state = NL80211_PLINK_HOLDING; 832 mod_plink_timer(sta, mshcfg->dot11MeshHoldingTimeout); 833 } 834 835 static u64 mesh_plink_establish(struct ieee80211_sub_if_data *sdata, 836 struct sta_info *sta) 837 { 838 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 839 u64 changed = 0; 840 841 del_timer(&sta->mesh->plink_timer); 842 sta->mesh->plink_state = NL80211_PLINK_ESTAB; 843 changed |= mesh_plink_inc_estab_count(sdata); 844 changed |= mesh_set_ht_prot_mode(sdata); 845 changed |= mesh_set_short_slot_time(sdata); 846 mpl_dbg(sdata, "Mesh plink with %pM ESTABLISHED\n", sta->sta.addr); 847 ieee80211_mps_sta_status_update(sta); 848 changed |= ieee80211_mps_set_sta_local_pm(sta, mshcfg->power_mode); 849 return changed; 850 } 851 852 /** 853 * mesh_plink_fsm - step @sta MPM based on @event 854 * 855 * @sdata: interface 856 * @sta: mesh neighbor 857 * @event: peering event 858 * 859 * Return: changed MBSS flags 860 */ 861 static u64 mesh_plink_fsm(struct ieee80211_sub_if_data *sdata, 862 struct sta_info *sta, enum plink_event event) 863 { 864 struct mesh_config *mshcfg = &sdata->u.mesh.mshcfg; 865 enum ieee80211_self_protected_actioncode action = 0; 866 u64 changed = 0; 867 bool flush = false; 868 869 mpl_dbg(sdata, "peer %pM in state %s got event %s\n", sta->sta.addr, 870 mplstates[sta->mesh->plink_state], mplevents[event]); 871 872 spin_lock_bh(&sta->mesh->plink_lock); 873 switch (sta->mesh->plink_state) { 874 case NL80211_PLINK_LISTEN: 875 switch (event) { 876 case CLS_ACPT: 877 mesh_plink_fsm_restart(sta); 878 break; 879 case OPN_ACPT: 880 sta->mesh->plink_state = NL80211_PLINK_OPN_RCVD; 881 sta->mesh->llid = mesh_get_new_llid(sdata); 882 mesh_plink_timer_set(sta, 883 mshcfg->dot11MeshRetryTimeout); 884 885 /* set the non-peer mode to active during peering */ 886 changed |= ieee80211_mps_local_status_update(sdata); 887 action = WLAN_SP_MESH_PEERING_OPEN; 888 break; 889 default: 890 break; 891 } 892 break; 893 case NL80211_PLINK_OPN_SNT: 894 switch (event) { 895 case OPN_RJCT: 896 case CNF_RJCT: 897 case CLS_ACPT: 898 mesh_plink_close(sdata, sta, event); 899 action = WLAN_SP_MESH_PEERING_CLOSE; 900 break; 901 case OPN_ACPT: 902 /* retry timer is left untouched */ 903 sta->mesh->plink_state = NL80211_PLINK_OPN_RCVD; 904 action = WLAN_SP_MESH_PEERING_CONFIRM; 905 break; 906 case CNF_ACPT: 907 sta->mesh->plink_state = NL80211_PLINK_CNF_RCVD; 908 mod_plink_timer(sta, mshcfg->dot11MeshConfirmTimeout); 909 break; 910 default: 911 break; 912 } 913 break; 914 case NL80211_PLINK_OPN_RCVD: 915 switch (event) { 916 case OPN_RJCT: 917 case CNF_RJCT: 918 case CLS_ACPT: 919 mesh_plink_close(sdata, sta, event); 920 action = WLAN_SP_MESH_PEERING_CLOSE; 921 break; 922 case OPN_ACPT: 923 action = WLAN_SP_MESH_PEERING_CONFIRM; 924 break; 925 case CNF_ACPT: 926 changed |= mesh_plink_establish(sdata, sta); 927 break; 928 default: 929 break; 930 } 931 break; 932 case NL80211_PLINK_CNF_RCVD: 933 switch (event) { 934 case OPN_RJCT: 935 case CNF_RJCT: 936 case CLS_ACPT: 937 mesh_plink_close(sdata, sta, event); 938 action = WLAN_SP_MESH_PEERING_CLOSE; 939 break; 940 case OPN_ACPT: 941 changed |= mesh_plink_establish(sdata, sta); 942 action = WLAN_SP_MESH_PEERING_CONFIRM; 943 break; 944 default: 945 break; 946 } 947 break; 948 case NL80211_PLINK_ESTAB: 949 switch (event) { 950 case CLS_ACPT: 951 changed |= __mesh_plink_deactivate(sta); 952 changed |= mesh_set_ht_prot_mode(sdata); 953 changed |= mesh_set_short_slot_time(sdata); 954 mesh_plink_close(sdata, sta, event); 955 action = WLAN_SP_MESH_PEERING_CLOSE; 956 flush = true; 957 break; 958 case OPN_ACPT: 959 action = WLAN_SP_MESH_PEERING_CONFIRM; 960 break; 961 default: 962 break; 963 } 964 break; 965 case NL80211_PLINK_HOLDING: 966 switch (event) { 967 case CLS_ACPT: 968 del_timer(&sta->mesh->plink_timer); 969 mesh_plink_fsm_restart(sta); 970 break; 971 case OPN_ACPT: 972 case CNF_ACPT: 973 case OPN_RJCT: 974 case CNF_RJCT: 975 action = WLAN_SP_MESH_PEERING_CLOSE; 976 break; 977 default: 978 break; 979 } 980 break; 981 default: 982 /* should not get here, PLINK_BLOCKED is dealt with at the 983 * beginning of the function 984 */ 985 break; 986 } 987 spin_unlock_bh(&sta->mesh->plink_lock); 988 if (flush) 989 mesh_path_flush_by_nexthop(sta); 990 if (action) { 991 mesh_plink_frame_tx(sdata, sta, action, sta->sta.addr, 992 sta->mesh->llid, sta->mesh->plid, 993 sta->mesh->reason); 994 995 /* also send confirm in open case */ 996 if (action == WLAN_SP_MESH_PEERING_OPEN) { 997 mesh_plink_frame_tx(sdata, sta, 998 WLAN_SP_MESH_PEERING_CONFIRM, 999 sta->sta.addr, sta->mesh->llid, 1000 sta->mesh->plid, 0); 1001 } 1002 } 1003 1004 return changed; 1005 } 1006 1007 /* 1008 * mesh_plink_get_event - get correct MPM event 1009 * 1010 * @sdata: interface 1011 * @sta: peer, leave NULL if processing a frame from a new suitable peer 1012 * @elems: peering management IEs 1013 * @ftype: frame type 1014 * @llid: peer's peer link ID 1015 * @plid: peer's local link ID 1016 * 1017 * Return: new peering event for @sta, but PLINK_UNDEFINED should be treated as 1018 * an error. 1019 */ 1020 static enum plink_event 1021 mesh_plink_get_event(struct ieee80211_sub_if_data *sdata, 1022 struct sta_info *sta, 1023 struct ieee802_11_elems *elems, 1024 enum ieee80211_self_protected_actioncode ftype, 1025 u16 llid, u16 plid) 1026 { 1027 enum plink_event event = PLINK_UNDEFINED; 1028 u8 ie_len = elems->peering_len; 1029 bool matches_local; 1030 1031 matches_local = (ftype == WLAN_SP_MESH_PEERING_CLOSE || 1032 mesh_matches_local(sdata, elems)); 1033 1034 /* deny open request from non-matching peer */ 1035 if (!matches_local && !sta) { 1036 event = OPN_RJCT; 1037 goto out; 1038 } 1039 1040 if (!sta) { 1041 if (ftype != WLAN_SP_MESH_PEERING_OPEN) { 1042 mpl_dbg(sdata, "Mesh plink: cls or cnf from unknown peer\n"); 1043 goto out; 1044 } 1045 /* ftype == WLAN_SP_MESH_PEERING_OPEN */ 1046 if (!mesh_plink_free_count(sdata)) { 1047 mpl_dbg(sdata, "Mesh plink error: no more free plinks\n"); 1048 goto out; 1049 } 1050 1051 /* new matching peer */ 1052 event = OPN_ACPT; 1053 goto out; 1054 } else { 1055 if (!test_sta_flag(sta, WLAN_STA_AUTH)) { 1056 mpl_dbg(sdata, "Mesh plink: Action frame from non-authed peer\n"); 1057 goto out; 1058 } 1059 if (sta->mesh->plink_state == NL80211_PLINK_BLOCKED) 1060 goto out; 1061 } 1062 1063 switch (ftype) { 1064 case WLAN_SP_MESH_PEERING_OPEN: 1065 if (!matches_local) 1066 event = OPN_RJCT; 1067 if (!mesh_plink_free_count(sdata) || 1068 (sta->mesh->plid && sta->mesh->plid != plid)) 1069 event = OPN_IGNR; 1070 else 1071 event = OPN_ACPT; 1072 break; 1073 case WLAN_SP_MESH_PEERING_CONFIRM: 1074 if (!matches_local) 1075 event = CNF_RJCT; 1076 if (!mesh_plink_free_count(sdata) || 1077 sta->mesh->llid != llid || 1078 (sta->mesh->plid && sta->mesh->plid != plid)) 1079 event = CNF_IGNR; 1080 else 1081 event = CNF_ACPT; 1082 break; 1083 case WLAN_SP_MESH_PEERING_CLOSE: 1084 if (sta->mesh->plink_state == NL80211_PLINK_ESTAB) 1085 /* Do not check for llid or plid. This does not 1086 * follow the standard but since multiple plinks 1087 * per sta are not supported, it is necessary in 1088 * order to avoid a livelock when MP A sees an 1089 * establish peer link to MP B but MP B does not 1090 * see it. This can be caused by a timeout in 1091 * B's peer link establishment or B beign 1092 * restarted. 1093 */ 1094 event = CLS_ACPT; 1095 else if (sta->mesh->plid != plid) 1096 event = CLS_IGNR; 1097 else if (ie_len == 8 && sta->mesh->llid != llid) 1098 event = CLS_IGNR; 1099 else 1100 event = CLS_ACPT; 1101 break; 1102 default: 1103 mpl_dbg(sdata, "Mesh plink: unknown frame subtype\n"); 1104 break; 1105 } 1106 1107 out: 1108 return event; 1109 } 1110 1111 static void 1112 mesh_process_plink_frame(struct ieee80211_sub_if_data *sdata, 1113 struct ieee80211_mgmt *mgmt, 1114 struct ieee802_11_elems *elems, 1115 struct ieee80211_rx_status *rx_status) 1116 { 1117 1118 struct sta_info *sta; 1119 enum plink_event event; 1120 enum ieee80211_self_protected_actioncode ftype; 1121 u64 changed = 0; 1122 u8 ie_len = elems->peering_len; 1123 u16 plid, llid = 0; 1124 1125 if (!elems->peering) { 1126 mpl_dbg(sdata, 1127 "Mesh plink: missing necessary peer link ie\n"); 1128 return; 1129 } 1130 1131 if (elems->rsn_len && 1132 sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) { 1133 mpl_dbg(sdata, 1134 "Mesh plink: can't establish link with secure peer\n"); 1135 return; 1136 } 1137 1138 ftype = mgmt->u.action.u.self_prot.action_code; 1139 if ((ftype == WLAN_SP_MESH_PEERING_OPEN && ie_len != 4) || 1140 (ftype == WLAN_SP_MESH_PEERING_CONFIRM && ie_len != 6) || 1141 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len != 6 1142 && ie_len != 8)) { 1143 mpl_dbg(sdata, 1144 "Mesh plink: incorrect plink ie length %d %d\n", 1145 ftype, ie_len); 1146 return; 1147 } 1148 1149 if (ftype != WLAN_SP_MESH_PEERING_CLOSE && 1150 (!elems->mesh_id || !elems->mesh_config)) { 1151 mpl_dbg(sdata, "Mesh plink: missing necessary ie\n"); 1152 return; 1153 } 1154 /* Note the lines below are correct, the llid in the frame is the plid 1155 * from the point of view of this host. 1156 */ 1157 plid = get_unaligned_le16(PLINK_GET_LLID(elems->peering)); 1158 if (ftype == WLAN_SP_MESH_PEERING_CONFIRM || 1159 (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len == 8)) 1160 llid = get_unaligned_le16(PLINK_GET_PLID(elems->peering)); 1161 1162 /* WARNING: Only for sta pointer, is dropped & re-acquired */ 1163 rcu_read_lock(); 1164 1165 sta = sta_info_get(sdata, mgmt->sa); 1166 1167 if (ftype == WLAN_SP_MESH_PEERING_OPEN && 1168 !rssi_threshold_check(sdata, sta)) { 1169 mpl_dbg(sdata, "Mesh plink: %pM does not meet rssi threshold\n", 1170 mgmt->sa); 1171 goto unlock_rcu; 1172 } 1173 1174 /* Now we will figure out the appropriate event... */ 1175 event = mesh_plink_get_event(sdata, sta, elems, ftype, llid, plid); 1176 1177 if (event == OPN_ACPT) { 1178 rcu_read_unlock(); 1179 /* allocate sta entry if necessary and update info */ 1180 sta = mesh_sta_info_get(sdata, mgmt->sa, elems, rx_status); 1181 if (!sta) { 1182 mpl_dbg(sdata, "Mesh plink: failed to init peer!\n"); 1183 goto unlock_rcu; 1184 } 1185 sta->mesh->plid = plid; 1186 } else if (!sta && event == OPN_RJCT) { 1187 mesh_plink_frame_tx(sdata, NULL, WLAN_SP_MESH_PEERING_CLOSE, 1188 mgmt->sa, 0, plid, 1189 WLAN_REASON_MESH_CONFIG); 1190 goto unlock_rcu; 1191 } else if (!sta || event == PLINK_UNDEFINED) { 1192 /* something went wrong */ 1193 goto unlock_rcu; 1194 } 1195 1196 if (event == CNF_ACPT) { 1197 /* 802.11-2012 13.3.7.2 - update plid on CNF if not set */ 1198 if (!sta->mesh->plid) 1199 sta->mesh->plid = plid; 1200 1201 sta->mesh->aid = get_unaligned_le16(PLINK_CNF_AID(mgmt)); 1202 } 1203 1204 changed |= mesh_plink_fsm(sdata, sta, event); 1205 1206 unlock_rcu: 1207 rcu_read_unlock(); 1208 1209 if (changed) 1210 ieee80211_mbss_info_change_notify(sdata, changed); 1211 } 1212 1213 void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, 1214 struct ieee80211_mgmt *mgmt, size_t len, 1215 struct ieee80211_rx_status *rx_status) 1216 { 1217 struct ieee802_11_elems *elems; 1218 size_t baselen; 1219 u8 *baseaddr; 1220 1221 /* need action_code, aux */ 1222 if (len < IEEE80211_MIN_ACTION_SIZE + 3) 1223 return; 1224 1225 if (sdata->u.mesh.user_mpm) 1226 /* userspace must register for these */ 1227 return; 1228 1229 if (is_multicast_ether_addr(mgmt->da)) { 1230 mpl_dbg(sdata, 1231 "Mesh plink: ignore frame from multicast address\n"); 1232 return; 1233 } 1234 1235 baseaddr = mgmt->u.action.u.self_prot.variable; 1236 baselen = (u8 *) mgmt->u.action.u.self_prot.variable - (u8 *) mgmt; 1237 if (mgmt->u.action.u.self_prot.action_code == 1238 WLAN_SP_MESH_PEERING_CONFIRM) { 1239 baseaddr += 4; 1240 baselen += 4; 1241 1242 if (baselen > len) 1243 return; 1244 } 1245 elems = ieee802_11_parse_elems(baseaddr, len - baselen, true, NULL); 1246 mesh_process_plink_frame(sdata, mgmt, elems, rx_status); 1247 kfree(elems); 1248 } 1249